An integrated test facility is considered a useful audit
tool because it:
A. is a cost-efficient approach to auditing application
controls.
B. enables the financial and IS auditors to integrate their
audit tests.
C. compares processing output with independently calculated
data.
D. provides the IS auditor with a tool to analyze a large
range of information.
- 2 Answers
- 22108 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / shashank kandhway
An integrated test facility (ITF) creates a fictitious
entity in a database to process test transactions
simultaneously with live input. It can be used to
incorporate test transactions into a normal production run
of a system. Its advantage is that periodic testing does
not require separate test processes. However, careful
planning is necessary, and test data must be isolated from
production data.
Integrated test facility is considered a useful audit tool
during an IT audit because it uses the same programs to
compare processing using independently calculated data.
This involves setting up dummy entities on an application
system and processing test or production data against the
entity as a means of verifying processing accurary.
| Is This Answer Correct ? | 28 Yes | 1 No |
Answer / guest
Answer: C
An integrated test facility is considered a useful audit
tool because it uses the same programs to compare processing
using independently calculated data. This involves setting
up dummy entities on an application system and processing
test or production data against the entity as a means of
verifying processing accuracy.
| Is This Answer Correct ? | 29 Yes | 4 No |
An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls? A. Allow changes to be made only with the DBA user account. B. Make changes to the database after granting access to a normal user account C. Use the DBA user account to make changes, log the changes and review the change log the following day. D. Use the normal user account to make changes, log the changes and review the change log the following day.
Data edits are an example of: A. preventive controls. B. detective controls. C. corrective controls. D. compensating controls.
An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that: A. this lack of knowledge may lead to unintentional disclosure of sensitive information. B. information security is not critical to all functions. C. IS audit should provide security training to the employees. D. the audit finding will cause management to provide continuous training to staff.
Which of the following is a network architecture configuration that links each station directly to a main hub? A. Bus B. Ring C. Star D. Completed connected
An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review? A. Controls are implemented based on cost-benefit analysis. B. The risk management framework is based on global standards. C. The approval process for risk response is in place. D. IT risk is presented in business terms.
Which of the following data entry controls provides the GREATEST assurance that the data is entered correctly? A. Using key verification B. Segregating the data entry function from data entry verification C. Maintaining a log/record detailing the time, date, employee's initials/user id and progress of various data preparation and verification tasks D. Adding check digits
An IS auditor is reviewing a project that is using an agile software development approach. Which of the following should the IS auditor expect to find? A. Use of a capability maturity model (CMM) B. Regular monitoring of task-level progress against schedule C. Extensive use of software development tools to maximize team productivity D. Postiteration reviews that identify lessons learned for future use in the project
Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist? A. Reviewing program code B. Reviewing operations documentation C. Turning off the UPS, then the power D. Reviewing program documentation
The BEST defense against network eavesdropping is: A. encryption. B. moving the defense perimeter outward. C. reducing the amplitude of the communication signal. D. masking the signal with noise.
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
Which of the following would MOST likely ensure that a system development project meets business objectives? A. Maintenance of program change logs B. Development of a project plan identifying all development activities C. Release of application changes at specific times of the year D. User involvement in system specification and acceptance
Which of the following alternative business recovery strategies would be LEAST appropriate for an organization with a large database and online communications network environment? A. Hot site B. Cold site C. Reciprocal agreement D. Dual information processing facilities
Cisco Certifications 
